third-party cyber risk management
Threatonomics

Fortifying Defenses: Effective Third-Party Risk Management in Cybersecurity

by Si West , Director, Customer Engagement
Published

As cybercriminals continue to evolve their strategies and target vulnerabilities in digital systems, businesses face an increasing need for robust third-party risk management. The first half of 2023 has been no exception, memorialized as a period marked by significant shifts in cybercriminal strategies. Notably, these evolving tactics have aimed at an often-overlooked aspect of cybersecurity–the third-party attack surface.

As headlines have been dominated by reports of high-profile cyber attacks on major organizations, one common denominator has emerged– many of these incidents were made possible by exploiting vulnerabilities residing within third-party vendors. Large organizations on average maintain 173 vendors within their supply chain, creating a massive attack surface with huge potential for security gaps. This growing threat has thrust the need for robust third-party risk management strategies to the forefront of discussion.

Comprehensive third-party risk management is crucial to safeguarding businesses and protecting sensitive data from cyber threats– a key component of Cyber Resilience.

Adapting to New Cyber Threats

The Resilience 2023 Mid-Year Cyber Claims Report reveals a strategic shift among cybercriminals toward exploiting vulnerabilities in third-party vendors. This trend has had a broader impact on organizations, leading to domino-style data breaches that devastate multiple businesses.

Insights from the Resilience 2023 Mid-Year Cyber Claims Report

Recovery Improvements: Those who experienced ransomware to the point that a payment was demanded were still technically hit. The fact that only 15% had to pay tells me that the other 75% likely had good recovery strategies in place which allowed them to forgo a ransom payment.

Shift Towards Larger Targets: The report indicates a strategic move by cybercriminals towards targeting larger organizations, a tactic known as “big-game hunting,” evidenced by increased ransom demands.

Vulnerability of Third-Party Vendors: The MOVEit attacks underscore the risks posed by third-party vendors, now identified as the leading vulnerability point in cybersecurity incidents.

Emergence of Encryption-less Extortion: A pivot towards encryption-less extortion tactics, where cybercriminals steal sensitive data and demand a ransom by threatening to release or sell the information without encrypting it, has been observed, complicating the detection and response to cyber threats.

Broad Industry Targeting: Cybercriminals have broadened their targets beyond traditional sectors, with manufacturing and education notably impacted in recent attacks.

Elevating Cybersecurity Through Strategic Third-Party Risk Management

Protecting your organization’s data, infrastructure, and other assets now requires extending security measures to include the attack-surface of each third-party vendor. Here’s how organizations can strengthen their defenses with thorough protocol development, security monitoring, and rigorous vendor assessments.

Protocol Development and Enforcement: Establishing clear, detailed protocols for your vendors to follow is critical for any effective third-party risk management program. These protocols outline security and insurance requirements and expectations for third-party vendors. Creating these protocols is just the start; the real impact comes from regularly auditing and enforcing these policies. Incorporating these standards into contracts makes compliance mandatory, improving the security compliance of the vendor network.

Comprehensive Vendor Assessment: A key element in third-party risk management is regularly performing thorough security assessments of vendors. These assessments examine the vendors’ cybersecurity framework, incident response capabilities, compliance with industry standards, and coverage. Organizations can use security frameworks, such as the NIST CSF or ISO 27001, to establish a vendor risk assessment process that uncover possible weaknesses within vendor networks. Having open discussions with vendors about assessment results and working together to address security issues is essential to sustain a solid cybersecurity posture against threats from any potential gaps within the supply chain.

Enhanced Security Controls: Proactive security measures up and down the supply chain are essential to counter dynamic threats that could trigger a sprawling incident. Implementing advanced security protocols and continuously monitoring third-parties can prevent potential threats. Tools like automated security scanning and real-time threat detection are crucial, allowing quick identification and response to vulnerabilities. Establishing procedures for immediate action when security breaches are detected strengthens an organization’s defense against cyber threats.

Integrating Risk Management into Cybersecurity Strategy

Integrating third-party risk management (TPRM) into a broader cybersecurity strategy is essential for creating a holistic defense framework that closes security gaps and understands its full value-at-risk. To integrate TPRM objectives with overall cybersecurity goals and strengthen the organization’s security posture, security leaders must actively seek out these gaps to address vendor risks.

Third-party risk governance and frameworks ensure that third-party engagements are managed under strict security standards to mitigate the damage of external entities’ data breaches and cyber threats. Organizations can maintain oversight over their vendor’s cybersecurity practices by implementing a unified strategy with each vendor. Working closely and maintaining strong relationships with your third-party enhances visibility into risks, facilitates better decision-making, and ensures a cohesive response to threats. By embedding TPRM into the cybersecurity strategy, organizations can ensure that security measures are consistently applied across all external partnerships, minimizing vulnerabilities and enhancing resilience against threats in the supply chain.

Anticipating Future Challenges 

Organizations must prioritize adaptability and agility to effectively anticipate and counter future cybersecurity challenges. This requires maintaining up-to-date knowledge of emerging trends and leveraging advanced threat intelligence.

The evolving tactics of cybercriminals in 2023 underscores the necessity of proactive strategies and continual evaluation of risk management capabilities. This involves staying abreast of industry developments, sharing intelligence internally and with trusted partners, and implementing measures to quickly address identified risks.

Embracing advanced technologies and fostering collaboration with industry peers helps organizations bolster their ability to detect and respond to emerging threats. By acquiring knowledge, utilizing advanced threat intelligence, and implementing robust cybersecurity measures, organizations can effectively anticipate and counter future challenges, strengthening their overall resilience. Strengthen your cybersecurity with our expert demo – see how our solutions protect your operations.

About the Author
Si West , Director, Customer Engagement

You might also like

OpenClaw went viral. So did its security vulnerabilities.

Personal AI agents promise to streamline workflows and automate routine tasks, but a series of recent security incidents has exposed a critical vulnerability in how these tools acquire new capabilities. The findings reveal that threat actors are exploiting the same supply chain tactics that have compromised traditional software ecosystems, while platform security failures are exposing […]

Killing legacy systems might be your smartest financial move 

Every CISO has that one system. Maybe it’s running on Windows Server 2008. Maybe it’s the manufacturing control system that predates your current CEO. Maybe it’s the ancient database that three different business-critical applications depend on, maintained by one person who’s been threatening to retire for five years. You know these systems are problems. Your […]

What your CFO actually cares about (and how to speak their language)

You walk into your CFO’s office with a carefully prepared business case for a critical security investment. The risk assessment is complete, the vulnerabilities are documented, and you’re ready to make your argument. But the moment you mention “attack surface” or “zero-day vulnerabilities,” you can see their attention drift. The issue isn’t that your CFO […]

Risk Briefing: Cyber extortion has fundamentally changed

On January 14, 2026, Resilience launched its inaugural Risk Briefing Series with a clear message for CISOs: the cyber extortion playbook has been rewritten, and organizations relying on traditional defenses are dangerously exposed. In the first session of this monthly intelligence series, Jud Dressler, Director of Resilience’s Risk Operations Center and retired U.S. Air Force […]

The 65% shift that proves ransomware as we know it is dead

The cybersecurity industry has a terminology problem. We’re still calling it “ransomware” when the majority of attacks no longer encrypt and request a ransom for decryption as their primary weapon. Resilience’s analysis of cyber extortion claims in our portfolio throughout 2025 reveals a dramatic acceleration in attack methods. Data theft extortion-only events rose from 49% […]

Why your enterprise risk framework needs threat intelligence

Here’s a question that should make any enterprise risk management (ERM) professional uncomfortable: How can you manage a risk you don’t even know exists? In my role leading threat intelligence at Resilience, I work at the intersection of cybersecurity and business risk. And I’ve noticed a persistent gap: many ERM professionals know cyber risk belongs […]